kore.h (31954B)
1 /*
2 * Copyright (c) 2013-2022 Joris Vink <joris@coders.se>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 #ifndef __H_KORE_H
18 #define __H_KORE_H
19
20 #if defined(__APPLE__)
21 #define daemon portability_is_king
22 #endif
23
24 #include <sys/param.h>
25 #include <sys/types.h>
26 #include <sys/time.h>
27 #include <sys/queue.h>
28 #include <sys/un.h>
29
30 #include <netinet/in.h>
31 #include <arpa/inet.h>
32
33 #include <errno.h>
34 #include <regex.h>
35 #include <stdarg.h>
36 #include <stdlib.h>
37 #include <stdio.h>
38 #include <signal.h>
39 #include <string.h>
40 #include <syslog.h>
41 #include <unistd.h>
42 #include <stdarg.h>
43
44 #if defined(__cplusplus)
45 extern "C" {
46 #endif
47
48 #if defined(__APPLE__)
49 #undef daemon
50 extern int daemon(int, int);
51 #define st_mtim st_mtimespec
52 #endif
53
54 #if !defined(KORE_NO_SENDFILE)
55 #if defined(__MACH__) || defined(__FreeBSD_version) || defined(__linux__)
56 #define KORE_USE_PLATFORM_SENDFILE 1
57 #endif
58 #endif
59
60 #if defined(__OpenBSD__)
61 #define KORE_USE_PLATFORM_PLEDGE 1
62 #endif
63
64 #if defined(TLS_BACKEND_OPENSSL)
65 #include <openssl/x509.h>
66 #include <openssl/ssl.h>
67 typedef X509 KORE_X509;
68 typedef SSL KORE_TLS;
69 typedef SSL_CTX KORE_TLS_CTX;
70 typedef X509_NAME KORE_X509_NAMES;
71 typedef EVP_PKEY KORE_PRIVATE_KEY;
72 #else
73 typedef void KORE_X509;
74 typedef void KORE_TLS;
75 typedef void KORE_TLS_CTX;
76 typedef void KORE_X509_NAMES;
77 typedef void KORE_PRIVATE_KEY;
78 #endif
79
80 #define KORE_RSAKEY_BITS 4096
81
82 /* Kore quit reasons. */
83 #define KORE_QUIT_NONE -1
84 #define KORE_QUIT_NORMAL 0
85 #define KORE_QUIT_FATAL 1
86
87 #define KORE_RESULT_ERROR 0
88 #define KORE_RESULT_OK 1
89 #define KORE_RESULT_RETRY 2
90
91 #define KORE_TLS_VERSION_1_3 0
92 #define KORE_TLS_VERSION_1_2 1
93 #define KORE_TLS_VERSION_BOTH 2
94
95 #define KORE_BASE64_RAW 0x0001
96
97 #define KORE_WAIT_INFINITE (u_int64_t)-1
98 #define KORE_RESEED_TIME (1800 * 1000)
99
100 #define errno_s strerror(errno)
101 #define ssl_errno_s ERR_error_string(ERR_get_error(), NULL)
102 #define KORE_DOMAINNAME_LEN 255
103 #define KORE_PIDFILE_DEFAULT "kore.pid"
104 #define KORE_DHPARAM_PATH PREFIX "/share/kore/ffdhe4096.pem"
105 #define KORE_DEFAULT_CIPHER_LIST "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:AEAD-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256"
106
107 #define NETBUF_RECV 0
108 #define NETBUF_SEND 1
109 #define NETBUF_SEND_PAYLOAD_MAX 8192
110 #define SENDFILE_PAYLOAD_MAX (1024 * 1024 * 10)
111
112 #define NETBUF_LAST_CHAIN 0
113 #define NETBUF_BEFORE_CHAIN 1
114
115 #define NETBUF_CALL_CB_ALWAYS 0x01
116 #define NETBUF_FORCE_REMOVE 0x02
117 #define NETBUF_MUST_RESEND 0x04
118 #define NETBUF_IS_STREAM 0x10
119 #define NETBUF_IS_FILEREF 0x20
120
121 #define KORE_X509_COMMON_NAME_ONLY 0x0001
122
123 #define KORE_PEM_CERT_CHAIN 1
124 #define KORE_DER_CERT_DATA 2
125
126 /* XXX hackish. */
127 #if !defined(KORE_NO_HTTP)
128 struct http_request;
129 struct http_redirect;
130 #endif
131
132 #define KORE_FILEREF_SOFT_REMOVED 0x1000
133
134 struct kore_fileref {
135 int cnt;
136 int flags;
137 int ontls;
138 off_t size;
139 char *path;
140 u_int64_t mtime;
141 time_t mtime_sec;
142 u_int64_t expiration;
143 void *base;
144 int fd;
145 TAILQ_ENTRY(kore_fileref) list;
146 };
147
148 struct netbuf {
149 u_int8_t *buf;
150 size_t s_off;
151 size_t b_len;
152 size_t m_len;
153 u_int8_t type;
154 u_int8_t flags;
155
156 struct kore_fileref *file_ref;
157 off_t fd_off;
158 off_t fd_len;
159
160 struct connection *owner;
161 void *extra;
162 int (*cb)(struct netbuf *);
163
164 TAILQ_ENTRY(netbuf) list;
165 };
166
167 TAILQ_HEAD(netbuf_head, netbuf);
168
169 #define KORE_TYPE_LISTENER 1
170 #define KORE_TYPE_CONNECTION 2
171 #define KORE_TYPE_PGSQL_CONN 3
172 #define KORE_TYPE_TASK 4
173 #define KORE_TYPE_PYSOCKET 5
174 #define KORE_TYPE_CURL_HANDLE 6
175
176 #define CONN_STATE_UNKNOWN 0
177 #define CONN_STATE_TLS_SHAKE 1
178 #define CONN_STATE_ESTABLISHED 2
179 #define CONN_STATE_DISCONNECTING 3
180
181 #define CONN_PROTO_UNKNOWN 0
182 #define CONN_PROTO_HTTP 1
183 #define CONN_PROTO_WEBSOCKET 2
184 #define CONN_PROTO_MSG 3
185 #define CONN_PROTO_ACME_ALPN 200
186
187 #define KORE_EVENT_READ 0x01
188 #define KORE_EVENT_WRITE 0x02
189 #define KORE_EVENT_ERROR 0x04
190
191 #define CONN_IDLE_TIMER_ACT 0x0001
192 #define CONN_CLOSE_EMPTY 0x0002
193 #define CONN_WS_CLOSE_SENT 0x0004
194 #define CONN_IS_BUSY 0x0008
195 #define CONN_LOG_TLS_FAILURE 0x0020
196 #define CONN_TLS_ALPN_ACME_SEEN 0x0040
197 #define CONN_TLS_SNI_SEEN 0x0080
198
199 #define KORE_IDLE_TIMER_MAX 5000
200
201 #define WEBSOCKET_OP_CONT 0x00
202 #define WEBSOCKET_OP_TEXT 0x01
203 #define WEBSOCKET_OP_BINARY 0x02
204 #define WEBSOCKET_OP_CLOSE 0x08
205 #define WEBSOCKET_OP_PING 0x09
206 #define WEBSOCKET_OP_PONG 0x0a
207
208 #define WEBSOCKET_BROADCAST_LOCAL 1
209 #define WEBSOCKET_BROADCAST_GLOBAL 2
210
211 #define KORE_TIMER_ONESHOT 0x01
212 #define KORE_TIMER_FLAGS (KORE_TIMER_ONESHOT)
213
214 #define KORE_CONNECTION_PRUNE_DISCONNECT 0
215 #define KORE_CONNECTION_PRUNE_ALL 1
216
217 struct kore_event {
218 int type;
219 int flags;
220 void (*handle)(void *, int);
221 } __attribute__((packed));
222
223 struct connection {
224 struct kore_event evt;
225 int fd;
226 u_int8_t state;
227 u_int8_t proto;
228 struct listener *owner;
229 KORE_TLS *tls;
230 KORE_X509 *tls_cert;
231 char *tls_sni;
232 int tls_reneg;
233
234 u_int16_t flags;
235 void *hdlr_extra;
236
237 int (*handle)(struct connection *);
238 void (*disconnect)(struct connection *);
239 int (*read)(struct connection *, size_t *);
240 int (*write)(struct connection *, size_t, size_t *);
241
242 int family;
243 union {
244 struct sockaddr_in ipv4;
245 struct sockaddr_in6 ipv6;
246 struct sockaddr_un sun;
247 } addr;
248
249 struct {
250 u_int64_t length;
251 u_int64_t start;
252 } idle_timer;
253
254 struct netbuf_head send_queue;
255 struct netbuf *snb;
256 struct netbuf *rnb;
257
258 #if !defined(KORE_NO_HTTP)
259 u_int64_t http_start;
260 u_int64_t http_timeout;
261 struct kore_runtime_call *ws_connect;
262 struct kore_runtime_call *ws_message;
263 struct kore_runtime_call *ws_disconnect;
264 TAILQ_HEAD(, http_request) http_requests;
265 #endif
266
267 TAILQ_ENTRY(connection) list;
268 };
269
270 TAILQ_HEAD(connection_list, connection);
271 extern struct connection_list connections;
272 extern struct connection_list disconnected;
273
274 #define KORE_RUNTIME_NATIVE 0
275 #define KORE_RUNTIME_PYTHON 1
276
277 struct kore_runtime {
278 int type;
279 #if !defined(KORE_NO_HTTP)
280 int (*http_request)(void *, struct http_request *);
281 void (*http_request_free)(void *, struct http_request *);
282 void (*http_body_chunk)(void *,
283 struct http_request *, const void *, size_t);
284 int (*validator)(void *, struct http_request *, const void *);
285 void (*wsconnect)(void *, struct connection *);
286 void (*wsdisconnect)(void *, struct connection *);
287 void (*wsmessage)(void *, struct connection *,
288 u_int8_t, const void *, size_t);
289 #endif
290 void (*execute)(void *);
291 int (*onload)(void *, int);
292 void (*signal)(void *, int);
293 void (*connect)(void *, struct connection *);
294 void (*configure)(void *, int, char **);
295 };
296
297 struct kore_runtime_call {
298 void *addr;
299 struct kore_runtime *runtime;
300 };
301
302 #if !defined(KORE_NO_HTTP)
303
304 struct kore_route_params {
305 char *name;
306 int flags;
307 u_int8_t method;
308 struct kore_validator *validator;
309
310 TAILQ_ENTRY(kore_route_params) list;
311 };
312
313 struct kore_route {
314 char *path;
315 char *func;
316 int type;
317 int errors;
318 int methods;
319 regex_t rctx;
320 struct kore_domain *dom;
321 struct kore_auth *auth;
322 struct kore_runtime_call *rcall;
323 struct kore_runtime_call *on_free;
324 struct kore_runtime_call *on_headers;
325 struct kore_runtime_call *on_body_chunk;
326
327 TAILQ_HEAD(, kore_route_params) params;
328 TAILQ_ENTRY(kore_route) list;
329 };
330
331 #endif
332
333 struct kore_domain {
334 u_int16_t id;
335 int logerr;
336 u_int64_t logwarn;
337 int accesslog;
338
339 char *domain;
340 struct kore_buf *logbuf;
341 struct kore_server *server;
342
343 #if defined(KORE_USE_ACME)
344 int acme;
345 int acme_challenge;
346 void *acme_cert;
347 size_t acme_cert_len;
348 #endif
349 char *cafile;
350 char *crlfile;
351 char *certfile;
352 char *certkey;
353 KORE_TLS_CTX *tls_ctx;
354 int x509_verify_depth;
355 #if !defined(KORE_NO_HTTP)
356 TAILQ_HEAD(, kore_route) routes;
357 TAILQ_HEAD(, http_redirect) redirects;
358 #endif
359 TAILQ_ENTRY(kore_domain) list;
360 };
361
362 TAILQ_HEAD(kore_domain_h, kore_domain);
363
364 extern struct kore_runtime kore_native_runtime;
365
366 struct listener {
367 struct kore_event evt;
368 int fd;
369 int family;
370 char *port;
371 char *host;
372 struct kore_server *server;
373 struct kore_runtime_call *connect;
374
375 LIST_ENTRY(listener) list;
376 };
377
378 struct kore_server {
379 int tls;
380 char *name;
381 struct kore_domain_h domains;
382 LIST_HEAD(, listener) listeners;
383 LIST_ENTRY(kore_server) list;
384 };
385
386 LIST_HEAD(kore_server_list, kore_server);
387
388 #if !defined(KORE_NO_HTTP)
389
390 #define KORE_PARAMS_QUERY_STRING 0x0001
391
392 #define KORE_AUTH_TYPE_COOKIE 1
393 #define KORE_AUTH_TYPE_HEADER 2
394 #define KORE_AUTH_TYPE_REQUEST 3
395
396 struct kore_auth {
397 u_int8_t type;
398 char *name;
399 char *value;
400 char *redirect;
401 struct kore_validator *validator;
402
403 TAILQ_ENTRY(kore_auth) list;
404 };
405
406 #define HANDLER_TYPE_STATIC 1
407 #define HANDLER_TYPE_DYNAMIC 2
408
409 #endif /* !KORE_NO_HTTP */
410
411 #define KORE_MODULE_LOAD 1
412 #define KORE_MODULE_UNLOAD 2
413
414 #define KORE_MODULE_NATIVE 0
415 #define KORE_MODULE_PYTHON 1
416
417 struct kore_module;
418
419 struct kore_module_functions {
420 void (*free)(struct kore_module *);
421 void (*reload)(struct kore_module *);
422 int (*callback)(struct kore_module *, int);
423 void (*load)(struct kore_module *);
424 void *(*getsym)(struct kore_module *, const char *);
425 };
426
427 struct kore_module {
428 void *handle;
429 char *path;
430 char *onload;
431 int type;
432 struct kore_runtime_call *ocb;
433
434 struct kore_module_functions *fun;
435 struct kore_runtime *runtime;
436
437 TAILQ_ENTRY(kore_module) list;
438 };
439
440 /*
441 * The workers get a 128KB log buffer per worker, and parent will fetch their
442 * logs when it reached at least 75% of that or if its been > 1 second since
443 * it was last synced.
444 */
445 #define KORE_ACCESSLOG_BUFLEN 131072U
446 #define KORE_ACCESSLOG_SYNC 98304U
447
448 struct kore_alog_header {
449 u_int16_t domain;
450 u_int16_t loglen;
451 } __attribute__((packed));
452
453 struct kore_privsep {
454 char *root;
455 char *runas;
456 int skip_runas;
457 int skip_chroot;
458 };
459
460 struct kore_worker {
461 u_int16_t id;
462 u_int16_t cpu;
463 int ready;
464 int running;
465 #if defined(__linux__)
466 int tracing;
467 #endif
468 pid_t pid;
469 int pipe[2];
470 struct connection *msg[2];
471 u_int8_t has_lock;
472 int restarted;
473 u_int64_t time_locked;
474 struct kore_route *active_route;
475 struct kore_privsep *ps;
476
477 /* Used by the workers to store accesslogs. */
478 struct {
479 int lock;
480 size_t offset;
481 char buf[KORE_ACCESSLOG_BUFLEN];
482 } lb;
483 };
484
485 #if !defined(KORE_NO_HTTP)
486
487 #define KORE_VALIDATOR_TYPE_REGEX 1
488 #define KORE_VALIDATOR_TYPE_FUNCTION 2
489
490 struct kore_validator {
491 u_int8_t type;
492 char *name;
493 char *arg;
494 regex_t rctx;
495 struct kore_runtime_call *rcall;
496
497 TAILQ_ENTRY(kore_validator) list;
498 };
499 #endif /* !KORE_NO_HTTP */
500
501 #define KORE_BUF_OWNER_API 0x0001
502
503 struct kore_buf {
504 u_int8_t *data;
505 int flags;
506 size_t length;
507 size_t offset;
508 };
509
510 #define KORE_JSON_TYPE_OBJECT 0x0001
511 #define KORE_JSON_TYPE_ARRAY 0x0002
512 #define KORE_JSON_TYPE_STRING 0x0004
513 #define KORE_JSON_TYPE_NUMBER 0x0008
514 #define KORE_JSON_TYPE_LITERAL 0x0010
515 #define KORE_JSON_TYPE_INTEGER 0x0020
516 #define KORE_JSON_TYPE_INTEGER_U64 0x0040
517
518 #define KORE_JSON_FALSE 0
519 #define KORE_JSON_TRUE 1
520 #define KORE_JSON_NULL 2
521
522 #define KORE_JSON_DEPTH_MAX 10
523
524 #define KORE_JSON_ERR_NONE 0
525 #define KORE_JSON_ERR_INVALID_OBJECT 1
526 #define KORE_JSON_ERR_INVALID_ARRAY 2
527 #define KORE_JSON_ERR_INVALID_STRING 3
528 #define KORE_JSON_ERR_INVALID_NUMBER 4
529 #define KORE_JSON_ERR_INVALID_LITERAL 5
530 #define KORE_JSON_ERR_DEPTH 6
531 #define KORE_JSON_ERR_EOF 7
532 #define KORE_JSON_ERR_INVALID_JSON 8
533 #define KORE_JSON_ERR_INVALID_SEARCH 9
534 #define KORE_JSON_ERR_NOT_FOUND 10
535 #define KORE_JSON_ERR_TYPE_MISMATCH 11
536 #define KORE_JSON_ERR_LAST KORE_JSON_ERR_TYPE_MISMATCH
537
538 #define kore_json_find_object(j, p) \
539 kore_json_find(j, p, KORE_JSON_TYPE_OBJECT)
540
541 #define kore_json_find_array(j, p) \
542 kore_json_find(j, p, KORE_JSON_TYPE_ARRAY)
543
544 #define kore_json_find_string(j, p) \
545 kore_json_find(j, p, KORE_JSON_TYPE_STRING)
546
547 #define kore_json_find_number(j, p) \
548 kore_json_find(j, p, KORE_JSON_TYPE_NUMBER)
549
550 #define kore_json_find_integer(j, p) \
551 kore_json_find(j, p, KORE_JSON_TYPE_INTEGER)
552
553 #define kore_json_find_integer_u64(j, p) \
554 kore_json_find(j, p, KORE_JSON_TYPE_INTEGER_U64)
555
556 #define kore_json_find_literal(j, p) \
557 kore_json_find(j, p, KORE_JSON_TYPE_LITERAL)
558
559 #define kore_json_create_object(o, n) \
560 kore_json_create_item(o, n, KORE_JSON_TYPE_OBJECT)
561
562 #define kore_json_create_array(o, n) \
563 kore_json_create_item(o, n, KORE_JSON_TYPE_ARRAY)
564
565 #define kore_json_create_string(o, n, v) \
566 kore_json_create_item(o, n, KORE_JSON_TYPE_STRING, v)
567
568 #define kore_json_create_number(o, n, v) \
569 kore_json_create_item(o, n, KORE_JSON_TYPE_NUMBER, (double)v)
570
571 #define kore_json_create_integer(o, n, v) \
572 kore_json_create_item(o, n, KORE_JSON_TYPE_INTEGER, (int64_t)v)
573
574 #define kore_json_create_integer_u64(o, n, v) \
575 kore_json_create_item(o, n, KORE_JSON_TYPE_INTEGER_U64, (u_int64_t)v)
576
577 #define kore_json_create_literal(o, n, v) \
578 kore_json_create_item(o, n, KORE_JSON_TYPE_LITERAL, v)
579
580 struct kore_json {
581 const u_int8_t *data;
582 int depth;
583 size_t length;
584 size_t offset;
585
586 struct kore_buf tmpbuf;
587 struct kore_json_item *root;
588 };
589
590 struct kore_json_item {
591 u_int32_t type;
592 char *name;
593 struct kore_json_item *parent;
594
595 union {
596 TAILQ_HEAD(, kore_json_item) items;
597 char *string;
598 double number;
599 int literal;
600 int64_t integer;
601 u_int64_t u64;
602 } data;
603
604 int (*parse)(struct kore_json *,
605 struct kore_json_item *);
606
607 TAILQ_ENTRY(kore_json_item) list;
608 };
609
610 struct kore_pool_region {
611 void *start;
612 size_t length;
613 LIST_ENTRY(kore_pool_region) list;
614 };
615
616 struct kore_pool_entry {
617 u_int8_t state;
618 struct kore_pool_region *region;
619 LIST_ENTRY(kore_pool_entry) list;
620 };
621
622 struct kore_pool {
623 size_t elen;
624 size_t slen;
625 size_t elms;
626 size_t inuse;
627 size_t growth;
628 volatile int lock;
629 char *name;
630
631 LIST_HEAD(, kore_pool_region) regions;
632 LIST_HEAD(, kore_pool_entry) freelist;
633 };
634
635 struct kore_timer {
636 u_int64_t nextrun;
637 u_int64_t interval;
638 int flags;
639 void *arg;
640 void (*cb)(void *, u_int64_t);
641
642 TAILQ_ENTRY(kore_timer) list;
643 };
644
645 /*
646 * Keymgr process is worker index 0, but id 2000.
647 * Acme process is worker index 1, but id 2001.
648 */
649 #define KORE_WORKER_KEYMGR_IDX 0
650 #define KORE_WORKER_ACME_IDX 1
651 #define KORE_WORKER_BASE 2
652 #define KORE_WORKER_KEYMGR 2000
653 #define KORE_WORKER_ACME 2001
654 #define KORE_WORKER_MAX UCHAR_MAX
655
656 #define KORE_WORKER_POLICY_RESTART 1
657 #define KORE_WORKER_POLICY_TERMINATE 2
658
659 /* Reserved message ids, registered on workers. */
660 #define KORE_MSG_WEBSOCKET 1
661 #define KORE_MSG_KEYMGR_REQ 2
662 #define KORE_MSG_KEYMGR_RESP 3
663 #define KORE_MSG_SHUTDOWN 4
664 #define KORE_MSG_ENTROPY_REQ 5
665 #define KORE_MSG_ENTROPY_RESP 6
666 #define KORE_MSG_CERTIFICATE 7
667 #define KORE_MSG_CERTIFICATE_REQ 8
668 #define KORE_MSG_CRL 9
669 #define KORE_MSG_ACCEPT_AVAILABLE 10
670 #define KORE_PYTHON_SEND_OBJ 11
671 #define KORE_MSG_WORKER_LOG 12
672 #define KORE_MSG_FATALX 13
673 #define KORE_MSG_ACME_BASE 100
674
675 /* messages for applications should start at 201. */
676 #define KORE_MSG_APP_BASE 200
677
678 /* Predefined message targets. */
679 #define KORE_MSG_PARENT 1000
680 #define KORE_MSG_WORKER_ALL 1001
681
682 struct kore_msg {
683 u_int8_t id;
684 u_int16_t src;
685 u_int16_t dst;
686 size_t length;
687 };
688
689 struct kore_keyreq {
690 int padding;
691 char domain[KORE_DOMAINNAME_LEN + 1];
692 size_t data_len;
693 u_int8_t data[];
694 };
695
696 struct kore_x509_msg {
697 char domain[KORE_DOMAINNAME_LEN + 1];
698 size_t data_len;
699 u_int8_t data[];
700 };
701
702 #if !defined(KORE_SINGLE_BINARY)
703 extern char *config_file;
704 #endif
705
706 extern pid_t kore_pid;
707 extern int kore_quit;
708 extern int kore_quiet;
709 extern int skip_chroot;
710 extern int skip_runas;
711 extern int kore_foreground;
712
713 extern char *kore_pidfile;
714
715 extern volatile sig_atomic_t sig_recv;
716
717 extern char *kore_rand_file;
718 extern int kore_keymgr_active;
719
720 extern struct kore_privsep worker_privsep;
721 extern struct kore_privsep keymgr_privsep;
722 extern struct kore_privsep acme_privsep;
723
724 extern u_int8_t nlisteners;
725 extern u_int16_t cpu_count;
726 extern u_int8_t worker_count;
727 extern const char *kore_version;
728 extern const char *kore_build_date;
729 extern int worker_policy;
730 extern u_int8_t worker_set_affinity;
731 extern u_int32_t worker_rlimit_nofiles;
732 extern u_int32_t worker_max_connections;
733 extern u_int32_t worker_active_connections;
734 extern u_int32_t worker_accept_threshold;
735 extern u_int64_t kore_websocket_maxframe;
736 extern u_int64_t kore_websocket_timeout;
737 extern u_int32_t kore_socket_backlog;
738
739 extern struct kore_worker *worker;
740 extern struct kore_pool nb_pool;
741 extern struct kore_domain *primary_dom;
742 extern struct kore_server_list kore_servers;
743
744 /* kore.c */
745 void kore_signal(int);
746 void kore_shutdown(void);
747 void kore_signal_trap(int);
748 void kore_signal_setup(void);
749 void kore_proctitle(const char *);
750 void kore_default_getopt(int, char **);
751
752 void kore_server_closeall(void);
753 void kore_server_cleanup(void);
754 void kore_server_free(struct kore_server *);
755 void kore_server_finalize(struct kore_server *);
756
757 struct kore_server *kore_server_create(const char *);
758 struct kore_server *kore_server_lookup(const char *);
759
760 void kore_listener_accept(void *, int);
761 struct listener *kore_listener_lookup(const char *);
762 void kore_listener_free(struct listener *);
763 struct listener *kore_listener_create(struct kore_server *);
764 int kore_listener_init(struct listener *, int, const char *);
765
766 int kore_sockopt(int, int, int);
767 int kore_server_bind_unix(struct kore_server *,
768 const char *, const char *);
769 int kore_server_bind(struct kore_server *,
770 const char *, const char *, const char *);
771 /* worker.c */
772 void kore_worker_reap(void);
773 int kore_worker_init(void);
774 void kore_worker_privsep(void);
775 void kore_worker_started(void);
776 void kore_worker_make_busy(void);
777 void kore_worker_shutdown(void);
778 void kore_worker_dispatch_signal(int);
779 int kore_worker_spawn(u_int16_t, u_int16_t, u_int16_t);
780 int kore_worker_keymgr_response_verify(struct kore_msg *,
781 const void *, struct kore_domain **);
782
783 void kore_worker_entry(struct kore_worker *) __attribute__((noreturn));
784
785 struct kore_worker *kore_worker_data(u_int8_t);
786 struct kore_worker *kore_worker_data_byid(u_int16_t);
787
788 /* platform code (linux.c, bsd.c) */
789 void kore_platform_init(void);
790 void kore_platform_sandbox(void);
791 void kore_platform_event_init(void);
792 void kore_platform_event_cleanup(void);
793 void kore_platform_disable_read(int);
794 void kore_platform_disable_write(int);
795 void kore_platform_enable_accept(void);
796 void kore_platform_disable_accept(void);
797 void kore_platform_event_wait(u_int64_t);
798 void kore_platform_event_all(int, void *);
799 void kore_platform_event_level_all(int, void *);
800 void kore_platform_event_level_read(int, void *);
801 void kore_platform_proctitle(const char *);
802 void kore_platform_schedule_read(int, void *);
803 void kore_platform_schedule_write(int, void *);
804 void kore_platform_event_schedule(int, int, int, void *);
805 void kore_platform_worker_setcpu(struct kore_worker *);
806
807 #if defined(KORE_USE_PLATFORM_SENDFILE)
808 int kore_platform_sendfile(struct connection *, struct netbuf *);
809 #endif
810
811 #if defined(KORE_USE_PLATFORM_PLEDGE)
812 void kore_platform_pledge(void);
813 void kore_platform_add_pledge(const char *);
814 #endif
815
816 /* tls variants. */
817 #define KORE_X509_NAME_COMMON_NAME 1
818
819 void kore_tls_init(void);
820 void kore_tls_cleanup(void);
821 void kore_tls_dh_check(void);
822 int kore_tls_supported(void);
823 void kore_tls_version_set(int);
824 void kore_tls_keymgr_init(void);
825 int kore_tls_dh_load(const char *);
826 void kore_tls_seed(const void *, size_t);
827 int kore_tls_ciphersuite_set(const char *);
828 int kore_tls_read(struct connection *, size_t *);
829 void kore_tls_domain_cleanup(struct kore_domain *);
830 int kore_tls_connection_accept(struct connection *);
831 void kore_tls_connection_cleanup(struct connection *);
832 int kore_tls_write(struct connection *, size_t, size_t *);
833 void kore_tls_domain_crl(struct kore_domain *, const void *, size_t);
834 void kore_tls_domain_setup(struct kore_domain *,
835 int, const void *, size_t);
836
837 KORE_PRIVATE_KEY *kore_tls_rsakey_load(const char *);
838 KORE_PRIVATE_KEY *kore_tls_rsakey_generate(const char *);
839
840 int kore_tls_x509_data(struct connection *, u_int8_t **, size_t *);
841 KORE_X509_NAMES *kore_tls_x509_issuer_name(struct connection *);
842 KORE_X509_NAMES *kore_tls_x509_subject_name(struct connection *);
843 int kore_tls_x509name_foreach(KORE_X509_NAMES *, int, void *,
844 int (*)(void *, int, int, const char *,
845 const void *, size_t, int));
846 /* accesslog.c */
847 void kore_accesslog_init(u_int16_t);
848 void kore_accesslog_worker_init(void);
849 void kore_accesslog_run(void *, u_int64_t);
850 void kore_accesslog_gather(void *, u_int64_t, int);
851
852 #if !defined(KORE_NO_HTTP)
853 /* auth.c */
854 int kore_auth_run(struct http_request *, struct kore_auth *);
855 int kore_auth_cookie(struct http_request *, struct kore_auth *);
856 int kore_auth_header(struct http_request *, struct kore_auth *);
857 int kore_auth_request(struct http_request *, struct kore_auth *);
858 void kore_auth_init(void);
859 int kore_auth_new(const char *);
860 struct kore_auth *kore_auth_lookup(const char *);
861 #endif
862
863 /* timer.c */
864 void kore_timer_init(void);
865 void kore_timer_run(u_int64_t);
866 u_int64_t kore_timer_next_run(u_int64_t);
867 void kore_timer_remove(struct kore_timer *);
868 struct kore_timer *kore_timer_add(void (*cb)(void *, u_int64_t),
869 u_int64_t, void *, int);
870
871 /* connection.c */
872 void kore_connection_init(void);
873 void kore_connection_cleanup(void);
874 void kore_connection_prune(int);
875 struct connection *kore_connection_new(void *);
876 void kore_connection_event(void *, int);
877 int kore_connection_nonblock(int, int);
878 void kore_connection_check_timeout(u_int64_t);
879 int kore_connection_handle(struct connection *);
880 void kore_connection_remove(struct connection *);
881 void kore_connection_disconnect(struct connection *);
882 void kore_connection_start_idletimer(struct connection *);
883 void kore_connection_stop_idletimer(struct connection *);
884 void kore_connection_check_idletimer(u_int64_t,
885 struct connection *);
886 int kore_connection_accept(struct listener *,
887 struct connection **);
888 void kore_connection_log(struct connection *,
889 const char *, ...)
890 __attribute__((format (printf, 2, 3)));
891 const char *kore_connection_ip(struct connection *);
892
893 void kore_log_init(void);
894 void kore_log_file(const char *);
895
896 #if defined(KORE_USE_PYTHON)
897 int kore_configure_setting(const char *, char *);
898 #endif
899
900 /* config.c */
901 void kore_parse_config(void);
902 void kore_parse_config_file(FILE *);
903
904 /* mem.c */
905 void *kore_malloc(size_t);
906 void *kore_calloc(size_t, size_t);
907 void *kore_realloc(void *, size_t);
908 void kore_free(void *);
909 void kore_mem_init(void);
910 void kore_mem_cleanup(void);
911 void kore_mem_untag(void *);
912 void *kore_mem_lookup(u_int32_t);
913 void kore_mem_zero(void *, size_t);
914 void kore_mem_tag(void *, u_int32_t);
915 void *kore_malloc_tagged(size_t, u_int32_t);
916
917 /* pool.c */
918 void *kore_pool_get(struct kore_pool *);
919 void kore_pool_put(struct kore_pool *, void *);
920 void kore_pool_init(struct kore_pool *, const char *,
921 size_t, size_t);
922 void kore_pool_cleanup(struct kore_pool *);
923
924 /* utils.c */
925 void fatal(const char *, ...) __attribute__((noreturn))
926 __attribute__((format (printf, 1, 2)));
927 void fatalx(const char *, ...) __attribute__((noreturn))
928 __attribute__((format (printf, 1, 2)));
929
930 u_int64_t kore_time_ms(void);
931 char *kore_time_to_date(time_t);
932 char *kore_strdup(const char *);
933 time_t kore_date_to_time(const char *);
934 void kore_log(int, const char *, ...)
935 __attribute__((format (printf, 2, 3)));
936 u_int64_t kore_strtonum64(const char *, int, int *);
937 size_t kore_strlcpy(char *, const char *, const size_t);
938 void kore_server_disconnect(struct connection *);
939 int kore_split_string(char *, const char *, char **, size_t);
940 void kore_strip_chars(char *, const char, char **);
941 int kore_snprintf(char *, size_t, int *, const char *, ...)
942 __attribute__((format (printf, 4, 5)));
943 long long kore_strtonum(const char *, int, long long, long long, int *);
944 double kore_strtodouble(const char *, long double, long double, int *);
945 int kore_base64_encode(const void *, size_t, char **);
946 int kore_base64_decode(const char *, u_int8_t **, size_t *);
947 int kore_base64url_encode(const void *, size_t, char **, int);
948 int kore_base64url_decode(const char *, u_int8_t **, size_t *, int);
949 int kore_x509_issuer_name(struct connection *, char **, int);
950 int kore_x509_subject_name(struct connection *, char **, int);
951
952 void *kore_mem_find(void *, size_t, const void *, size_t);
953 char *kore_text_trim(char *, size_t);
954 char *kore_read_line(FILE *, char *, size_t);
955
956 #if !defined(KORE_NO_HTTP)
957 /* websocket.c */
958 void kore_websocket_handshake(struct http_request *,
959 const char *, const char *, const char *);
960 int kore_websocket_send_clean(struct netbuf *);
961 void kore_websocket_send(struct connection *,
962 u_int8_t, const void *, size_t);
963 void kore_websocket_broadcast(struct connection *,
964 u_int8_t, const void *, size_t, int);
965 #endif
966
967 /* msg.c */
968 void kore_msg_init(void);
969 void kore_msg_worker_init(void);
970 void kore_msg_parent_init(void);
971 void kore_msg_unregister(u_int8_t);
972 void kore_msg_parent_add(struct kore_worker *);
973 void kore_msg_parent_remove(struct kore_worker *);
974 void kore_msg_send(u_int16_t, u_int8_t, const void *, size_t);
975 int kore_msg_register(u_int8_t,
976 void (*cb)(struct kore_msg *, const void *));
977
978 #if !defined(KORE_NO_HTTP)
979 /* filemap.c */
980 void kore_filemap_init(void);
981 void kore_filemap_resolve_paths(void);
982 extern char *kore_filemap_ext;
983 extern char *kore_filemap_index;
984
985 struct kore_route *kore_filemap_create(struct kore_domain *, const char *,
986 const char *, const char *);
987 #endif
988
989 /* fileref.c */
990 void kore_fileref_init(void);
991 struct kore_fileref *kore_fileref_get(const char *, int);
992 struct kore_fileref *kore_fileref_create(struct kore_server *,
993 const char *, int, off_t, struct timespec *);
994 void kore_fileref_release(struct kore_fileref *);
995
996 /* domain.c */
997 struct kore_domain *kore_domain_new(const char *);
998 struct kore_domain *kore_domain_byid(u_int16_t);
999 struct kore_domain *kore_domain_lookup(struct kore_server *, const char *);
1000
1001 void kore_domain_init(void);
1002 void kore_domain_cleanup(void);
1003 void kore_domain_free(struct kore_domain *);
1004 void kore_module_init(void);
1005 void kore_module_cleanup(void);
1006 void kore_module_reload(int);
1007 void kore_module_onload(void);
1008 int kore_module_loaded(void);
1009 void kore_domain_closelogs(void);
1010 void *kore_module_getsym(const char *, struct kore_runtime **);
1011 void kore_domain_load_crl(void);
1012 void kore_domain_keymgr_init(void);
1013 void kore_domain_callback(void (*cb)(struct kore_domain *));
1014 int kore_domain_attach(struct kore_domain *, struct kore_server *);
1015
1016 #if !defined(KORE_NO_HTTP)
1017 /* route.c */
1018 void kore_route_reload(void);
1019 void kore_route_free(struct kore_route *);
1020 void kore_route_callback(struct kore_route *, const char *);
1021
1022 struct kore_route *kore_route_create(struct kore_domain *,
1023 const char *, int);
1024 int kore_route_lookup(struct http_request *,
1025 struct kore_domain *, int, struct kore_route **);
1026 #endif
1027
1028 /* runtime.c */
1029 struct kore_runtime_call *kore_runtime_getcall(const char *);
1030 struct kore_module *kore_module_load(const char *,
1031 const char *, int);
1032
1033 void kore_runtime_execute(struct kore_runtime_call *);
1034 int kore_runtime_onload(struct kore_runtime_call *, int);
1035 void kore_runtime_signal(struct kore_runtime_call *, int);
1036 void kore_runtime_configure(struct kore_runtime_call *, int, char **);
1037 void kore_runtime_connect(struct kore_runtime_call *, struct connection *);
1038 #if !defined(KORE_NO_HTTP)
1039 int kore_runtime_http_request(struct kore_runtime_call *,
1040 struct http_request *);
1041 void kore_runtime_http_request_free(struct kore_runtime_call *,
1042 struct http_request *);
1043 void kore_runtime_http_body_chunk(struct kore_runtime_call *,
1044 struct http_request *, const void *, size_t);
1045 int kore_runtime_validator(struct kore_runtime_call *,
1046 struct http_request *, const void *);
1047 void kore_runtime_wsconnect(struct kore_runtime_call *, struct connection *);
1048 void kore_runtime_wsdisconnect(struct kore_runtime_call *,
1049 struct connection *);
1050 void kore_runtime_wsmessage(struct kore_runtime_call *,
1051 struct connection *, u_int8_t, const void *, size_t);
1052 #endif
1053
1054 #if !defined(KORE_NO_HTTP)
1055 /* validator.c */
1056 void kore_validator_init(void);
1057 void kore_validator_reload(void);
1058 int kore_validator_add(const char *, u_int8_t, const char *);
1059 int kore_validator_run(struct http_request *, const char *, char *);
1060 int kore_validator_check(struct http_request *,
1061 struct kore_validator *, const void *);
1062 struct kore_validator *kore_validator_lookup(const char *);
1063 #endif
1064
1065 const char *kore_worker_name(int);
1066
1067 /* net.c */
1068 u_int16_t net_read16(u_int8_t *);
1069 u_int32_t net_read32(u_int8_t *);
1070 u_int64_t net_read64(u_int8_t *);
1071 void net_write16(u_int8_t *, u_int16_t);
1072 void net_write32(u_int8_t *, u_int32_t);
1073 void net_write64(u_int8_t *, u_int64_t);
1074
1075 void net_init(void);
1076 void net_cleanup(void);
1077 struct netbuf *net_netbuf_get(void);
1078 int net_send(struct connection *);
1079 int net_send_flush(struct connection *);
1080 int net_recv_flush(struct connection *);
1081 int net_read(struct connection *, size_t *);
1082 int net_write(struct connection *, size_t, size_t *);
1083 void net_recv_reset(struct connection *, size_t,
1084 int (*cb)(struct netbuf *));
1085 void net_remove_netbuf(struct connection *, struct netbuf *);
1086 void net_recv_queue(struct connection *, size_t, int,
1087 int (*cb)(struct netbuf *));
1088 void net_recv_expand(struct connection *c, size_t,
1089 int (*cb)(struct netbuf *));
1090 void net_send_queue(struct connection *, const void *, size_t);
1091 void net_send_stream(struct connection *, void *,
1092 size_t, int (*cb)(struct netbuf *), struct netbuf **);
1093 void net_send_fileref(struct connection *, struct kore_fileref *);
1094
1095 /* buf.c */
1096 void kore_buf_free(struct kore_buf *);
1097 struct kore_buf *kore_buf_alloc(size_t);
1098 void kore_buf_init(struct kore_buf *, size_t);
1099 void kore_buf_append(struct kore_buf *, const void *, size_t);
1100 u_int8_t *kore_buf_release(struct kore_buf *, size_t *);
1101 void kore_buf_reset(struct kore_buf *);
1102 void kore_buf_cleanup(struct kore_buf *);
1103
1104 char *kore_buf_stringify(struct kore_buf *, size_t *);
1105 void kore_buf_appendf(struct kore_buf *, const char *, ...)
1106 __attribute__((format (printf, 2, 3)));
1107 void kore_buf_appendv(struct kore_buf *, const char *, va_list)
1108 __attribute__((format (printf, 2, 0)));
1109 void kore_buf_replace_string(struct kore_buf *,
1110 const char *, const void *, size_t);
1111
1112 /* json.c */
1113 int kore_json_errno(void);
1114 int kore_json_parse(struct kore_json *);
1115 void kore_json_cleanup(struct kore_json *);
1116 void kore_json_item_free(struct kore_json_item *);
1117 void kore_json_init(struct kore_json *, const void *, size_t);
1118 void kore_json_item_tobuf(struct kore_json_item *, struct kore_buf *);
1119 void kore_json_item_attach(struct kore_json_item *, struct kore_json_item *);
1120
1121 const char *kore_json_strerror(void);
1122 struct kore_json_item *kore_json_find(struct kore_json_item *,
1123 const char *, u_int32_t);
1124 struct kore_json_item *kore_json_create_item(struct kore_json_item *,
1125 const char *, u_int32_t, ...);
1126
1127 /* keymgr.c */
1128 void kore_keymgr_run(void);
1129 void kore_keymgr_cleanup(int);
1130
1131 #if defined(__cplusplus)
1132 }
1133 #endif
1134
1135 #endif /* !__H_KORE_H */